cancel
Showing results for 
Search instead for 
Did you mean: 
rrajaman
Level 9

Windows 7 Support

Does MVM include OS fingerprint for windows 7 currently? 

0 Kudos
4 Replies
cgrim
Level 13

Re: Windows 7 Support

Yes, MVM can detect Windows 7 systems.  Since Windows systems in general (and Windows Vista, Windows 7 and Windows Server 2008 in particular) are extremely similar from a remote identification perspective.  As with all versions of Windows (and all operating systems in general) we stand a better chance of correct identification if more ports and more data are available. For Windows, having TCP port 445 open is the best bet at accurate identification. Using credentials is of course the ultimate method.

on 11/3/09 9:41 AM
0 Kudos
josepht
Level 7

Re: Windows 7 Support

Hi Cathy,

When you say Vista, 7 and 2008 are extremely similar from a remote identification perspective, wont it increase the probability of mismatch if authentication is unavailable?

Thanks

Joseph

0 Kudos
CIPHENT.com
Level 11

Re: Windows 7 Support

Yes it will. They are "similair" as their implemented TCP/IP stack is almost identical. You can also integrate ePO as a data source within Foundstone to pull accurate OS information.Another good idea is to keep your custom OS fingerprints 100% up to date. You should be checking them monthly and knocking out as many unknowns as possible.

Team McAfee at Ciphent

experts@ciphent.com

www.ciphent.com

0 Kudos
mmsmith
Level 7

Re: Windows 7 Support

Cathy,

You mention the best way is through TCP port 445, but which services need to be enabled for MVM to be able to gather as much information as possible? I know MVM uses the WMI and Remote Registry services to authenticate, but do you need both enabled? I believe by default Windows 7 has the startup type set to manual on these, but I could be wrong. Anyway, just curious what McAfee suggests or if someone could point me to a KB or something that'd be great.

Thanks,

Michael

0 Kudos